How To Install Rsyslog Log Server on Linux

In this tutorial, we explain step by step how to install and configure rsyslog as a central log server on Linux systems.

What is Rsyslog?

Rsyslog (rocket-fast system for log processing) is a logging daemon designed for high performance, with a range of security features and a modular design that scales to the needs of an organization.

Rsyslog can accept input from a wide variety of sources, transform it, and deliver the results to different destinations (local files, remote servers, databases), which simplifies centralized log management.

Install & Verify Status of Rsyslog

The rsyslog daemon is installed by default on most Linux distributions; if it is missing, install it with the following commands:

On Debian and Ubuntu systems

sudo apt-get install rsyslog

On RedHat or CentOS systems

sudo yum install rsyslog

Note that the package name is lowercase: a package called "Rsyslog" does not exist in either repository.

We can check the current status of the rsyslog service as follows:

On Linux distributions that use Systemd

systemctl status rsyslog.service

On older distributions that use SysV init

service rsyslog status
/etc/init.d/rsyslog status

If the rsyslog service is inactive, we can start it with the following:

On distributions that use systemd

systemctl start rsyslog.service

On older distributions that use SysV init

service rsyslog start
/etc/init.d/rsyslog start

Configure Rsyslog

To run rsyslog in server mode (receiving logs from other hosts), we must edit its configuration file, /etc/rsyslog.conf.

Open it with the editor of your choice:

sudo nano /etc/rsyslog.conf

There we will make the following changes. Locate the following two lines and uncomment them (remove the leading #) to enable reception of syslog messages over UDP on port 514, the port syslog uses by default:

$ModLoad imudp
$UDPServerRun 514

UDP offers no delivery guarantee, so messages can be silently lost on a busy network; for that reason rsyslog can also receive (and send) log messages over TCP. To enable TCP reception, uncomment the following lines as well:

$ModLoad imtcp
$InputTCPServerRun 514

This makes the rsyslog daemon bind and listen on a TCP socket on port 514.

Both protocols can be enabled at the same time. Keep in mind that plain syslog over UDP or TCP is neither encrypted nor authenticated: anyone who can reach port 514 can inject messages into the server's logs. Restrict who can reach the port (see the $AllowedSender directive and the firewall rules below); encrypting the transport with TLS is possible with rsyslog but is not covered in this tutorial.

To restrict which senders may deliver messages to the rsyslog daemon, add an $AllowedSender line. The first field is the transport (TCP or UDP), followed by a comma-separated list of IP addresses, networks in CIDR notation, or hostname patterns; a separate line is needed for each transport that was enabled:

$AllowedSender TCP, 127.0.0.1, 192.168.0.5/24, *.domain.com

Messages from other sources are dropped (and the rejection is logged). This is a source-address filter, not authentication: UDP source addresses in particular are easy to forge, so it should complement, not replace, the firewall rules below.

Next, define a template that tells the local rsyslog server where to store incoming messages. The template goes after the $AllowedSender line:

$template Incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?Incoming-logs
& ~

The first line defines the template: %HOSTNAME% and %PROGRAMNAME% are replaced by the name of the sending host and the program that produced the message, so messages are written to /var/log/<hostname>/<program>.log (the directory is created as needed). The second line sends every message (*.*) through this template, and "& ~" discards those messages afterwards so they are not also written to the default log files (newer rsyslog versions accept "stop" in place of "& ~").

Two caveats. First, because *.* matches everything, the server's own local messages are also diverted into /var/log/<server-hostname>/ and no longer reach /var/log/syslog or /var/log/messages. Second, the host and program names come from the message header (or, if the header has no hostname, from the sender's address), so a remote sender controls what ends up in the file path; rsyslog's secpath-replace property option (for example %HOSTNAME:::secpath-replace%) replaces any "/" in such a field with "_" and should be used whenever file names are built from remote input.

To store only kernel messages instead of everything, use kern.* in place of *.*:

kern.* ?Incoming-logs

Save the changes with Ctrl+O and exit nano with Ctrl+X.

Restart the Service & Verify Rsyslog Ports

After any configuration change, restart the service with one of the following (the service name is lowercase):

sudo service rsyslog restart
sudo systemctl restart rsyslog

To confirm that rsyslog is listening on the expected ports, run the following (expect one UDP and one TCP entry for port 514):

sudo netstat -tulpn | grep rsyslog

As noted above, rsyslog listens on port 514, so that port must be opened in the firewall for each protocol that was enabled:

On RedHat and CentOS (firewalld)

firewall-cmd --permanent --add-port=514/tcp
firewall-cmd --permanent --add-port=514/udp
firewall-cmd --reload

On Debian and Ubuntu (ufw)

ufw allow 514/tcp
ufw allow 514/udp

If we use iptables:

iptables -A INPUT -p tcp -m tcp --dport 514 -j ACCEPT
iptables -A INPUT -p udp --dport 514 -j ACCEPT

Rules added with iptables in this way are not persistent and disappear on reboot unless they are saved with the distribution's persistence mechanism. In all three cases, prefer limiting the rule to the source networks your log clients actually use rather than opening port 514 to everyone.
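The script below is added here as a worked example and is not part of the original tutorial. It carries the whole procedure above (UDP and TCP inputs, sender allow list, per-host template, restart, firewall, port check) in one place, but writes a drop-in file instead of editing /etc/rsyslog.conf, uses the RainerScript syntax preferred by rsyslog 8 next to the legacy $AllowedSender directive, validates the configuration with rsyslogd -N1 before restarting, and includes a client-side test with logger(1). The drop-in path /etc/rsyslog.d/10-remote.conf, the 192.168.0.0/24 sender network, and the server/client arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial: set up rsyslog as a remote
# log server with a drop-in file, validate, restart, open the firewall and
# verify, plus a client-side test. Assumes a systemd host running rsyslog 8
# with either firewalld or ufw. CONF, SENDER_NET and the "server"/"client"
# arguments are assumptions of this example.
set -eu

CONF=/etc/rsyslog.d/10-remote.conf   # assumed drop-in path
SENDER_NET=${SENDER_NET:-192.168.0.0/24}
PORT=${PORT:-514}

# Render the server configuration: the same settings as the tutorial's
# $ModLoad / $UDPServerRun / $InputTCPServerRun / $AllowedSender / $template
# lines, in RainerScript where it exists. HOSTNAME and PROGRAMNAME come from
# the message, i.e. from the sender, so secpath-replace rewrites any "/" in
# them to "_" before they become part of a file name.
render_remote_conf() {
    cat <<EOF
# Source-address allow list, one line per transport. This is a filter, not
# authentication: UDP source addresses in particular are easy to forge.
\$AllowedSender UDP, 127.0.0.1, ${SENDER_NET}
\$AllowedSender TCP, 127.0.0.1, ${SENDER_NET}

# Listen for syslog over UDP and TCP on port ${PORT}
module(load="imudp")
input(type="imudp" port="${PORT}")
module(load="imtcp")
input(type="imtcp" port="${PORT}")

# One file per sending host and program, path separators sanitised
template(name="Incoming-logs" type="string"
         string="/var/log/%HOSTNAME:::secpath-replace%/%PROGRAMNAME:::secpath-replace%.log")

# Only messages that arrived over the network go to the per-host files;
# "stop" keeps them out of the server's own /var/log/syslog or messages.
if (\$inputname == "imudp" or \$inputname == "imtcp") then {
    action(type="omfile" dynaFile="Incoming-logs"
           dirCreateMode="0750" fileCreateMode="0640")
    stop
}
EOF
}

# Write the drop-in and parse the complete configuration without starting
# the daemon; rsyslogd -N1 exits non-zero on a syntax error.
install_remote_conf() {
    render_remote_conf | sudo tee "$CONF" >/dev/null
    sudo rsyslogd -N1
}

# Open the port for both transports with whichever firewall is present.
open_firewall() {
    if command -v firewall-cmd >/dev/null 2>&1; then
        sudo firewall-cmd --permanent --add-port="${PORT}/tcp"
        sudo firewall-cmd --permanent --add-port="${PORT}/udp"
        sudo firewall-cmd --reload
    elif command -v ufw >/dev/null 2>&1; then
        sudo ufw allow "${PORT}/tcp"
        sudo ufw allow "${PORT}/udp"
    fi
}

# Restart and confirm that rsyslogd owns a UDP and a TCP socket on the port
# (ss is the current replacement for netstat -tulpn).
restart_and_verify() {
    sudo systemctl restart rsyslog
    sudo ss -tulpn | grep -E ":${PORT}[[:space:]].*rsyslogd"
}

# On a client: send one message over each transport with logger(1) from
# util-linux, which supports --server/--port/--udp/--tcp. On the server the
# messages should then appear in /var/log/<client-hostname>/rsyslog-test.log.
send_test_messages() {
    server=${1:?usage: send_test_messages SERVER}
    logger --server "$server" --port "$PORT" --udp --tag rsyslog-test "udp test $(date +%s)"
    logger --server "$server" --port "$PORT" --tcp --tag rsyslog-test "tcp test $(date +%s)"
}

case ${1:-} in
    server) install_remote_conf; open_firewall; restart_and_verify ;;
    client) send_test_messages "${2:?usage: $0 client SERVER}" ;;
esac
```

Run it as `sh rsyslog-remote.sh server` on the log server and `sh rsyslog-remote.sh client <server-ip>` on a client, then check /var/log/<client-hostname>/rsyslog-test.log on the server. Filtering on $inputname instead of the tutorial's *.* keeps the server's own messages in their usual files, and secpath-replace is there because the host and program names that form the path are chosen by whoever sends the message.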

With this, rsyslog is installed and configured as a central log server, collecting the logs that other hosts generate continuously and storing them per host and program.
